53 Total advisories
53 Vulnerabilities
0 Malware
Vulnerabilities
CRITICAL 9.6
CVE-2025-30215
NATS Server may fail to authorize certain Jetstream admin APIs
MEDIUM 5.3
CVE-2026-33219
NATS is vulnerable to pre-auth DoS through WebSockets client service
MEDIUM 5.9
CVE-2026-27571
nats-server websockets are vulnerable to pre-auth memory DoS
UNKNOWN
CVE-2026-29785
NATS Server panic via malicious compression on leafnode port in github.com/nats-io/nats-server
HIGH 7.5
CVE-2020-28466
Denial of service in github.com/nats-io/nats-server/server
UNKNOWN
CVE-2026-33249
NATS: Message tracing can be redirected to arbitrary subject in github.com/nats-io/nats-server
MEDIUM 4.3
CVE-2026-33249
NATS: Message tracing can be redirected to arbitrary subject
HIGH 7.5
CVE-2026-33218
NATS has pre-auth server panic via leafnode handling
HIGH 8.6
CVE-2026-33216
NATS has MQTT plaintext password disclosure
HIGH 7.5
CVE-2026-27889
NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead
MEDIUM 6.4
CVE-2026-33223
NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing
MEDIUM 6.4
CVE-2026-33246
NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers
HIGH 7.1
CVE-2026-33217
NATS allows MQTT clients to bypass ACL checks
MEDIUM 4.2
CVE-2026-33248
NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching
HIGH 7.5
CVE-2026-29785
NATS Server panic via malicious compression on leafnode port
MEDIUM 4.9
CVE-2026-33222
NATS JetStream has an authorization bypass through its Management API
MEDIUM 6.5
CVE-2026-33215
NATS is vulnerable to MQTT hijacking via Client ID
HIGH 7.4
CVE-2026-33247
NATS credentials are exposed in monitoring port via command-line argv
UNKNOWN
CVE-2026-33218
NATS has pre-auth server panic via leafnode handling in github.com/nats-io/nats-server
UNKNOWN
CVE-2026-33247
NATS credentials are exposed in monitoring port via command-line argv in github.com/nats-io/nats-server
UNKNOWN
CVE-2026-33223
NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing in github.com/nats-io/nats-server
UNKNOWN
CVE-2026-33216
NATS has MQTT plaintext password disclosure in github.com/nats-io/nats-server
UNKNOWN
CVE-2026-33222
NATS JetStream has an authorization bypass through its Management API in github.com/nats-io/nats-server
UNKNOWN
CVE-2026-33219
NATS is vulnerable to pre-auth DoS through WebSockets client service in github.com/nats-io/nats-server
UNKNOWN
CVE-2026-33246
NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers in github.com/nats-io/nats-server
UNKNOWN
CVE-2026-33248
NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching in github.com/nats-io/nats-server
UNKNOWN
CVE-2026-33217
NATS allows MQTT clients to bypass ACL checks in github.com/nats-io/nats-server
UNKNOWN
CVE-2026-33215
NATS is vulnerable to MQTT hijacking via Client ID in github.com/nats-io/nats-server
UNKNOWN
CVE-2026-27889
NATS: Pre-auth remote server crash via WebSocket frame length overflow in wsRead in github.com/nats-io/nats-server
MEDIUM 6.5
CVE-2022-26652
Arbitrary file write in nats-server
UNKNOWN
CVE-2020-28466
Denial of service in github.com/nats-io/nats-server/server in github.com/nats-io/nats-server
UNKNOWN
CVE-2022-29946
NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects in github.com/nats-io/nats-server
UNKNOWN
CVE-2022-28357
NATS nats-server allows directory traversal via unintended path to a management action in github.com/nats-io/nats-server
UNKNOWN
CVE-2022-24450
Incorrect Authorization in NATS nats-server in github.com/nats-io/nats-server
UNKNOWN
CVE-2022-26652
Arbitrary file write in nats-server in github.com/nats-io/nats-server
UNKNOWN
CVE-2026-27571
nats-server websockets are vulnerable to pre-auth memory DoS in github.com/nats-io/nats-server
UNKNOWN
CVE-2021-32026
NATS server TLS missing ciphersuite settings when CLI flags used in github.com/nats-io/nats-server
UNKNOWN
CVE-2023-47090
Authorization bypass in github.com/nats-io/nats-server/v2
HIGH 7.5
CVE-2020-26521
Nil dereference in NATS JWT causing DoS of nats-server
HIGH 7.5
GO-2022-0398
Import loops in account imports, nats-server DoS
UNKNOWN
CVE-2020-26892
Incorrect handling of credential expiry by /nats-io/nats-server
HIGH 7.5
CVE-2019-13126
Integer Overflow or Wraparound in NATS Server
UNKNOWN
CVE-2019-13126
Integer Overflow or Wraparound in NATS Server in github.com/nats-io/nats-server
UNKNOWN
GHSA-gwj5-3vfq-q992
Import loops in account imports, nats-server DoS in github.com/nats-io/nats-server
UNKNOWN
CVE-2025-30215
Missing ACLs on JavaScript APIs allowing privilege escalation github.com/nats-io/nats-server
UNKNOWN
CVE-2021-32026
NATS server TLS missing ciphersuite settings when CLI flags used
HIGH 7.5
CVE-2021-3127
github.com/nats-io/nats-server Import token permissions checking not enforced
HIGH 7.5
CVE-2021-3127
Duplicate Advisory: Incorrect Access Control in github.com/nats-io/jwt and github.com/nats-io/nats-server/v2
UNKNOWN
CVE-2023-47090
NATS.io: Adding accounts for just the system account adds auth bypass
HIGH 7.5
CVE-2023-46129
xkeys seal encryption used fixed key for all encryption
MEDIUM 6.5
CVE-2022-29946
NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects
HIGH 8.8
CVE-2022-24450
Incorrect Authorization in NATS nats-server
UNKNOWN
GHSA-4frv-5fj6-4p25
Duplicate Advisory: NATS.io: Adding accounts for just the system account adds auth bypass
Ready to move
Start Securing
Free, no credit card | First findings in minutes